From c952d07b42bd2115030a43ae3ed5247d8023c563 Mon Sep 17 00:00:00 2001
From: Daniel Baluta
Date: Thu, 16 Oct 2025 17:09:49 +0300
Subject: [PATCH 1/2] module_adapter: generic: Introduce mod_generic_init
Factor out resource initialization so that it can be reused. While at it get rid of md variable.
Signed-off-by: Daniel Baluta
---
 src/audio/module_adapter/module/generic.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/audio/module_adapter/module/generic.c b/src/audio/module_adapter/module/generic.c
index f77377a54cea..fcd5ece70b2f 100644
--- a/src/audio/module_adapter/module/generic.c
+++ b/src/audio/module_adapter/module/generic.c
@@ -71,10 +71,20 @@ int module_load_config(struct comp_dev *dev, const void *cfg, size_t size)
 return ret;
 }
+static void mod_resource_init(struct processing_module *mod)
+{
+ struct module_data *md = &mod->priv;
+ /* Init memory list */
+ list_init(&md->resources.res_list);
+ list_init(&md->resources.free_cont_list);
+ list_init(&md->resources.cont_chunk_list);
+ md->resources.heap_usage = 0;
+ md->resources.heap_high_water_mark = 0;
+}
+
 int module_init(struct processing_module *mod)
 {
 int ret;
- struct module_data *md = &mod->priv;
 struct comp_dev *dev = mod->dev;
 const struct module_interface *const interface = dev->drv->adapter_ops;
@@ -99,14 +109,9 @@ int module_init(struct processing_module *mod)
 return -EIO;
 }
- /* Init memory list */
- list_init(&md->resources.res_list);
- list_init(&md->resources.free_cont_list);
- list_init(&md->resources.cont_chunk_list);
- md->resources.heap_usage = 0;
- md->resources.heap_high_water_mark = 0;
+ mod_resource_init(mod);
 #if CONFIG_MODULE_MEMORY_API_DEBUG && defined(__ZEPHYR__)
- md->resources.rsrc_mngr = k_current_get();
+ mod->priv.resources.rsrc_mngr = k_current_get();
 #endif
 /* Now we can proceed with module specific initialization */
 ret = interface->init(mod);
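Review bot: `mod_resource_init()`, added in the `@@ -71,10 +71,20 @@` hunk, carries no comment stating its precondition. It only re-initialises the three list heads and zeroes the two counters, so (assuming `list_init()` simply resets the head) any entry still linked when it is called is dropped without being freed. Since the helper is introduced for reuse, I would add a header comment such as `/* Reset resource lists and heap accounting. Frees nothing: the caller must have emptied the lists first. */`. The `/* Init memory list */` comment also sits directly under the `md` declaration with no blank line between them. The commit subject names `mod_generic_init`, while the function added here is `mod_resource_init`.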
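Review bot: In the `@@ -99,14 +109,9 @@` hunk of `module_init()`, `rsrc_mngr` is still assigned outside `mod_resource_init()`, so the helper sets up only part of `resources`, and any other caller of the helper leaves the debug owner thread at whatever `module_init()` recorded. If that is intended, a one-line comment above the `#if` would make it explicit, for example `/* owner thread is recorded once here; mod_resource_init() leaves it untouched */`. If it is not intended, the assignment belongs inside the helper. The body of `module_init()` extends beyond this hunk on both sides.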
@@ -117,7 +122,7 @@ int module_init(struct processing_module *mod)
 comp_dbg(dev, "done");
 #if CONFIG_IPC_MAJOR_3
- md->state = MODULE_INITIALIZED;
+ mod->priv.state = MODULE_INITIALIZED;
 #endif
 return 0;
From fb17ec94f7df3841dfa67dbc9e724eac6d9b5a37 Mon Sep 17 00:00:00 2001
From: Daniel Baluta
Date: Sun, 12 Oct 2025 20:56:16 +0300
Subject: [PATCH 2/2] module_adapter: generic: Fix use after free
Remove any containers from the free container list so that we don't keep pointers to containers that are no longer used and will be freed when container chunks are released below. Leaving those nodes in the free container list would cause use-after-free on subsequent allocations. While at it, make sure all resource lists are reset.
Signed-off-by: Daniel Baluta
---
 src/audio/module_adapter/module/generic.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/audio/module_adapter/module/generic.c b/src/audio/module_adapter/module/generic.c
index fcd5ece70b2f..82d3188c28b5 100644
--- a/src/audio/module_adapter/module/generic.c
+++ b/src/audio/module_adapter/module/generic.c
@@ -599,6 +599,13 @@ void mod_free_all(struct processing_module *mod)
 list_item_del(&container->list);
 }
+ list_for_item_safe(list, _list, &res->free_cont_list) {
+ struct module_resource *container =
+ container_of(list, struct module_resource, list);
+
+ list_item_del(&container->list);
+ }
+
 list_for_item_safe(list, _list, &res->cont_chunk_list) {
 struct container_chunk *chunk =
 container_of(list, struct container_chunk, chunk_list);
@@ -606,6 +613,9 @@ void mod_free_all(struct processing_module *mod)
 list_item_del(&chunk->chunk_list);
 rfree(chunk);
 }
+
+ /* Make sure resource lists and accounting are reset */
+ mod_resource_init(mod);
 }
 EXPORT_SYMBOL(mod_free_all);
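Review bot: The new `free_cont_list` loop in `mod_free_all()` (hunk `@@ -599,6 +599,13 @@`) has no comment saying why the nodes are only unlinked and never freed individually. The reason is visible only in the commit message: the containers are released together with the chunks in the following loop, so the list must be emptied before `rfree(chunk)` runs. I would state that at the loop, e.g. `/* free containers are released with the chunks below; empty the list first so no node outlives its chunk */`. Because the next hunk re-initialises the same list head via `mod_resource_init(mod)`, the per-node walk looks redundant with that call, which is worth a word in the comment as well. `mod_free_all()` begins above this hunk, and the allocation side is not part of the diff.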
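Review bot: The `mod_resource_init(mod)` call at the end of `mod_free_all()` (hunk `@@ -606,6 +613,9 @@`) forces `heap_usage` to 0 and clears `heap_high_water_mark` unconditionally. If the `res_list` loop above the hunk already subtracts each released allocation, a non-zero `heap_usage` at this point would indicate a leak or an accounting error, and the reset hides it. A check before the call would keep that signal, for example `if (res->heap_usage) comp_warn(mod->dev, "heap accounting not balanced");`. Clearing the high-water mark also discards the peak figure, so if it is used for diagnostics it should be logged or saved first. The start of `mod_free_all()` is outside the hunk, so the accounting in the earlier loop is assumed, not seen.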